Primary Group SID
abartlet at samba.org
Sat Feb 14 21:57:04 GMT 2004
On Sun, 2004-02-15 at 01:41, Bostjan Golob wrote:
> Attached is a patched patch that first checks if it can get the
> gidNumber from LDAP. If not, it goes through getpwnam() to acquire the
> primary gid number.
Except that this isn't quite how you have it. Before we can read
gidNumber, we should determine that we have a posixAccount. Basically,
we need to retrieve the old 'ldap trust ids' code, and use it. I think
this got lost in the IDMAP removal, before 3.0 shipped.
(Grab an old CVS copy of pdb_ldap, and see how it was done).
> If primary GID->SID translation is too expensive for init_sam_from_ldap,
> I can patch get_domain_user_groups from rpc_server/srv_util.c to do it
> instead when enumerating the user's groups. It will require a getpwnam()
> call though, and I don't know how much code checks the primary group SID
No, this belongs in the backend. There is also some stuff about the
smb.conf substitution code that would benefit from this information - we
lost %u and %g support when we lost the posix info.
Jerry is also going to need to look at this, as he pulled most of this
out, and I need to know what was IDMAP murder, and what was due to other
Andrew Bartlett abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team abartlet at samba.org
Student Network Administrator, Hawker College abartlet at hawkerc.net
http://samba.org http://build.samba.org http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20040215/456f1ff9/attachment.bin
More information about the samba-technical